1. 05 4月, 2013 16 次提交
    • P
      rpc: Fix connection close callback race condition and memory corruption/crash · 8ad126e6
      Peter Krempa 提交于
      The last Viktor's effort to fix the race and memory corruption unfortunately
      wasn't complete in the case the close callback was not registered in an
      connection. At that time, the trail of event's that I'll describe later could
      still happen and corrupt the memory or cause a crash of the client (including
      the daemon in case of a p2p migration).
      
      Consider the following prerequisities and trail of events:
      Let's have a remote connection to a hypervisor that doesn't have a close
      callback registered and the client is using the event loop. The crash happens in
      cooperation of 2 threads. Thread E is the event loop and thread W is the worker
      that does some stuff. R denotes the remote client.
      
      1.) W - The client finishes everything and sheds the last reference on the client
      2.) W - The virObject stuff invokes virConnectDispose that invokes doRemoteClose
      3.) W - the remote close method invokes the REMOTE_PROC_CLOSE RPC method.
      4.) W - The thread is preempted at this point.
      5.) R - The remote side receives the close and closes the socket.
      6.) E - poll() wakes up due to the closed socket and invokes the close callback
      7.) E - The event loop is preempted right before remoteClientCloseFunc is called
      8.) W - The worker now finishes, and frees the conn object.
      9.) E - The remoteClientCloseFunc accesses the now-freed conn object in the
              attempt to retrieve pointer for the real close callback.
      10.) Kaboom, corrupted memory/segfault.
      
      This patch tries to fix this by introducing a new object that survives the
      freeing of the connection object. We can't increase the reference count on the
      connection object itself or the connection would never be closed, as the
      connection is closed only when the reference count reaches zero.
      
      The new object - virConnectCloseCallbackData - is a lockable object that keeps
      the pointers to the real user registered callback and ensures that the
      connection callback is either not called if the connection was already freed or
      that the connection isn't freed while this is being called.
      8ad126e6
    • P
      virsh: Register and unregister the close callback also in cmdConnect · 69ab0756
      Peter Krempa 提交于
      This patch improves the error message after disconnecting from the
      hypervisor and adds the close callback operations required not to leak
      the callback reference.
      69ab0756
    • P
      virsh: Move cmdConnect from virsh-host.c to virsh.c · ca9e73eb
      Peter Krempa 提交于
      The function is used to establish connection so it should be in the main
      virsh file. This movement also enables further improvements done in next
      patches.
      
      Note that the "connect" command has moved from the host section of virsh to the
      main section. It is now listed by 'virsh help virsh' instead of 'virsh help
      host'.
      ca9e73eb
    • V
      virsh: Unregister the connection close notifier upon termination · e964ba27
      Viktor Mihajlovski 提交于
      Before closing the connection we unregister the close callback
      to prevent a reference leak.
      
      Further, the messages on virConnectClose != 0 are a bit more specific
      now.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      e964ba27
    • V
      libvirt: Increase connection reference count for callbacks · 03a43efa
      Viktor Mihajlovski 提交于
      By adjusting the reference count of the connection object we
      prevent races between callback function and virConnectClose.
      Signed-off-by: NViktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
      03a43efa
    • P
      virCaps: get rid of defaultConsoleTargetType callback · 482e5f15
      Peter Krempa 提交于
      This patch refactors various places to allow removing of the
      defaultConsoleTargetType callback from the virCaps structure.
      
      A new console character device target type is introduced -
      VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_NONE - to mark that no type was
      specified in the XML. This type is at the end converted to the standard
      VIR_DOMAIN_CHR_CONSOLE_TARGET_TYPE_SERIAL. Other types that are
      different from this default have to be processed separately in the
      device post parse callback.
      482e5f15
    • P
      virCaps: get rid of macPrefix field · 46becc18
      Peter Krempa 提交于
      Use the virDomainXMLConf structure to hold this data and tweak the code
      to avoid semantic change.
      
      Without configuration the KVM mac prefix is used by default. I chose it
      as it's in the privately administered segment so it should be usable for
      any purposes.
      46becc18
    • P
      virCaps: get rid of hasWideScsiBus · 8960d656
      Peter Krempa 提交于
      Use the virDomainXMLConf structure to hold this data.
      8960d656
    • P
      virCaps: get rid of defaultDiskDriverType · b2990849
      Peter Krempa 提交于
      Use the qemu specific callback to fill this data in the qemu driver as
      it's the only place where it was used and fix tests as the qemu test
      capability object didn't configure the defaults for the tests.
      b2990849
    • P
      virCaps: get rid of emulatorRequired · b5def001
      Peter Krempa 提交于
      This patch removes the emulatorRequired field and associated
      infrastructure from the virCaps object. Instead the driver specific
      callbacks are used as this field isn't enforced by all drivers.
      
      This patch implements the appropriate callbacks in the qemu and lxc
      driver and moves to check to that location.
      b5def001
    • P
      virCaps: get rid of defaultDiskDriverName · 9ea249e7
      Peter Krempa 提交于
      This patch removes the defaultDiskDriverName from the virCaps
      structure. This particular default value is used only in the qemu driver
      so this patch uses the recently added callback to fill the driver name
      if it's needed instead of propagating it through virCaps.
      9ea249e7
    • P
      virCaps: get rid of "defaultInitPath" value in the virCaps struct · 4750c848
      Peter Krempa 提交于
      This gets rid of the parameter in favor of using the new callback
      infrastructure to do the same stuff.
      
      This patch implements the domain adjustment callback in the openVZ
      driver and moves the check from the parser to a new validation method in
      the callback infrastructure.
      4750c848
    • P
      qemu: Record the default NIC model in the domain XML · a68d6726
      Peter Krempa 提交于
      This patch implements the devices post parse callback and uses it to fill
      the default qemu network card model into the XML if none is specified.
      
      Libvirt assumes that the network card model for qemu is the "rtl8139".
      Record this in the XML using the new callback to avoid user
      confusion.
      a68d6726
    • P
      conf callback: Rearrange function parameters · ad0d10b2
      Peter Krempa 提交于
      Move the xmlopt and caps arguments to the end of the argument list.
      ad0d10b2
    • P
      conf: Add post XML parse callbacks and prepare for cleaning of virCaps · 43b99fc4
      Peter Krempa 提交于
      This patch adds instrumentation that will allow hypervisor drivers to
      fill and validate domain and device definitions after parsed by the XML
      parser.
      
      With this patch, after the XML is parsed, a callback to the driver is
      issued requesting to fill and validate driver specific details of the
      configuration. This allows to use sensible defaults and checks on a per
      driver basis at the time the XML is parsed.
      
      Two callback pointers are stored in the new virDomainXMLConf object:
      * virDomainDeviceDefPostParseCallback (devicesPostParseCallback)
        - called for a single device parsed and for every single device in a
          domain config. A virDomainDeviceDefPtr is passed along with the
          domain definition and virCaps.
      
      * virDomainDefPostParseCallback, (domainPostParseCallback)
        - A callback that is meant to process the domain config after it's
        parsed.  A virDomainDefPtr is passed along with virCaps.
      
      Both types of callbacks support arbitrary opaque data passed for the
      callback functions.
      
      Errors may be reported in those callbacks resulting in a XML parsing
      failure.
      43b99fc4
    • P
      maint: Rename xmlconf to xmlopt and virDomainXMLConfig to virDomainXMLOption · e84b1931
      Peter Krempa 提交于
      This patch is the result of running:
      
      for i in $(git ls-files | grep -v html | grep -v \.po$ ); do
        sed -i -e "s/virDomainXMLConf/virDomainXMLOption/g" -e "s/xmlconf/xmlopt/g" $i
      done
      
      and a few manual tweaks.
      e84b1931
  2. 04 4月, 2013 13 次提交
    • D
      Create fake NUMA info if libnuma isn't available · 8d3d05d3
      Daniel P. Berrange 提交于
      If libnuma is not compiled in, or numa_available() returns an
      error, stub out fake NUMA info consisting of one NUMA cell
      containing all CPUs and memory.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      8d3d05d3
    • D
      Cope with missing /sys/devices/system/cpu/cpu0/topology files · 4a289151
      Daniel P. Berrange 提交于
      Not all kernel builds have any entries under the location
      /sys/devices/system/cpu/cpu0/topology. We already cope with
      that being missing in some cases, but not all. Update the
      code which looks for thread_siblings to cope with the missing
      file
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      4a289151
    • D
      Add armv6l architecture to list of valid arches · 9c29c52c
      Daniel P. Berrange 提交于
      The Raspberry Pi runs the armv6l architecture and apparently
      people are trying to run libvirt LXC on it. So we should allow
      that as a valid arch
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      9c29c52c
    • D
      Implement minimal sysinfo for ARM platforms · 347081ef
      Daniel P. Berrange 提交于
      Implement the bare minimal sysinfo for ARM platforms by
      reading the CPU models from /proc/cpuinfo
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      347081ef
    • D
      Disable of unused sysinfotest functions · 0464ab18
      Daniel P. Berrange 提交于
      Certain functions in the sysinfotest.c are not used unless
      a whitelisted architecture is being built. Disable those
      functions unless required to avoid warnings about unused
      functions.
      
      sysinfotest.c:93:1: warning: 'sysinfotest_run' defined but not used [-Wunused-function]
       sysinfotest_run(const char *test,
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      0464ab18
    • D
      Wire up sysinfo for LXC driver · 6263fc5a
      Daniel P. Berrange 提交于
      The sysinfo code used by QEMU is trivially portable to the
      LXC driver
      6263fc5a
    • D
      Add support for SD cards in nodedev driver · e2b373e6
      Daniel P. Berrange 提交于
      The nodedev driver currently only detects harddisk, cdrom
      and floppy devices. This adds support for SD cards, which
      are common storage for ARM devices, eg the Google ChromeBook
      
      <device>
        <name>block_mmcblk0_0xb1c7c08b</name>
        <parent>computer</parent>
        <capability type='storage'>
          <block>/dev/mmcblk0</block>
          <drive_type>sd</drive_type>
          <serial>0xb1c7c08b</serial>
          <size>15758000128</size>
          <logical_block_size>512</logical_block_size>
          <num_blocks>30777344</num_blocks>
        </capability>
      </device>
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e2b373e6
    • D
      Revert "lxc: Prevent shutting down the host" · edd87fa2
      Daniel P. Berrange 提交于
      This reverts commit c9c87376.
      
      Now that we force all containers to have a root filesystem,
      there is no way the host's /dev is ever exposed
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      edd87fa2
    • D
      Auto-add a root <filesystem> element to LXC containers on startup · c131525b
      Daniel P. Berrange 提交于
      Currently the LXC container code has two codepaths, depending on
      whether there is a <filesystem> element with a target path of '/'.
      If we automatically add a <filesystem> device with src=/ and dst=/,
      for any container which has not specified a root filesystem, then
      we only need one codepath for setting up the filesystem.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      c131525b
    • D
      Remove support for old kernels lacking private devpts · f7e8653f
      Daniel P. Berrange 提交于
      Early on kernel support for private devpts was not widespread,
      so we had compatibiltiy codepaths. Such old kernels are not
      seriously used for LXC these days, so the compat code can go
      away
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f7e8653f
    • A
      storage: Fix volume cloning for logical volume. · d369e508
      Atsushi Kumagai 提交于
      When creating a logical volume with virStorageVolCreateXMLFrom,
      "qemu-img convert" is called internally if clonevol is a file volume.
      Then, vol->target.format is used as output_fmt parameter but the
      target.format of logical volumes is always 0 because logical volumes
      haven't the volume format type element.
      
      Fortunately, 0 was treated as RAW file format before commit f772b3d9,
      so there was no problem. But now, 0 is treated as the type of none,
      qemu-img fails with "Unknown file format 'none'".
      
      This patch fixes this issue by treating output block devices as RAW
      file format like for input block devices.
      Signed-off-by: NAtsushi Kumagai <kumagai-atsushi@mxc.nes.nec.co.jp>
      d369e508
    • G
      security_manager: fix comparison · ea151935
      Guido Günther 提交于
      otherwise we crash later on if we don't find a match like:
      
       #0  0xb72c2b4f in virSecurityManagerGenLabel (mgr=0xb8e42d20, vm=0xb8ef40c0) at security/security_manager.c:424
       #1  0xb18811f3 in qemuProcessStart (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=vm@entry=0xb8ef58f0,
           migrateFrom=migrateFrom@entry=0xb18f6088 "stdio", stdin_fd=18,
           stdin_path=stdin_path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", snapshot=snapshot@entry=0x0,
           vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_RESTORE, flags=flags@entry=2) at qemu/qemu_process.c:3364
       #2  0xb18d6cb2 in qemuDomainSaveImageStartVM (conn=conn@entry=0xb8eed880, driver=driver@entry=0xb8e3b1e0, vm=0xb8ef58f0, fd=fd@entry=0xb6bf3f98,
           header=header@entry=0xb6bf3fa0, path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img",
           start_paused=start_paused@entry=false) at qemu/qemu_driver.c:4843
       #3  0xb18d7eeb in qemuDomainRestoreFlags (conn=conn@entry=0xb8eed880,
           path=path@entry=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img", dxml=dxml@entry=0x0, flags=flags@entry=0)
           at qemu/qemu_driver.c:4962
       #4  0xb18d8123 in qemuDomainRestore (conn=0xb8eed880, path=0xb8ea7798 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img")
           at qemu/qemu_driver.c:4987
       #5  0xb718d186 in virDomainRestore (conn=0xb8eed880, from=0xb8ea87d8 "/var/lib/jenkins/jobs/libvirt-tck-build/workspace/tck.img") at libvirt.c:2768
       #6  0xb7736363 in remoteDispatchDomainRestore (args=<optimized out>, rerr=0xb6bf41f0, client=0xb8eedaf0, server=<optimized out>, msg=<optimized out>)
           at remote_dispatch.h:4679
       #7  remoteDispatchDomainRestoreHelper (server=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8, rerr=0xb6bf41f0, args=0xb8ea8968, ret=0xb8ef5330)
           at remote_dispatch.h:4661
       #8  0xb720db01 in virNetServerProgramDispatchCall (msg=0xb8ee72c8, client=0xb8eedaf0, server=0xb8e1a3e0, prog=0xb8e216b0)
           at rpc/virnetserverprogram.c:439
       #9  virNetServerProgramDispatch (prog=0xb8e216b0, server=server@entry=0xb8e1a3e0, client=0xb8eedaf0, msg=0xb8ee72c8) at rpc/virnetserverprogram.c:305
       #10 0xb7206e97 in virNetServerProcessMsg (msg=<optimized out>, prog=<optimized out>, client=<optimized out>, srv=0xb8e1a3e0) at rpc/virnetserver.c:162
       #11 virNetServerHandleJob (jobOpaque=0xb8ea7720, opaque=0xb8e1a3e0) at rpc/virnetserver.c:183
       #12 0xb70f9f78 in virThreadPoolWorker (opaque=opaque@entry=0xb8e1a540) at util/virthreadpool.c:144
       #13 0xb70f94a5 in virThreadHelper (data=0xb8e0e558) at util/virthreadpthread.c:161
       #14 0xb705d954 in start_thread (arg=0xb6bf4b70) at pthread_create.c:304
       #15 0xb6fd595e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130
      
      This unbreaks libvirt-tck's domain/100-transient-save-restore.t with
      qemu:///session and selinux compiled in but disabled.
      
      Introduced by 8d68cbea
      ea151935
    • E
      qemu: fix memory leak on -machine usage error · e52a31d1
      Eric Blake 提交于
      Commit f84b92ea introduced a memory leak on error; John Ferlan reported
      that valgrind caught it during 'make check'.
      
      * src/qemu/qemu_command.c (qemuBuildMachineArgStr): Plug leak.
      e52a31d1
  3. 03 4月, 2013 9 次提交
    • D
      Enable full RELRO mode · fc8c1787
      Daniel P. Berrange 提交于
      By passing the flags -z relro -z now to the linker, we can force
      it to resolve all library symbols at startup, instead of on-demand.
      This allows it to then make the global offset table (GOT) read-only,
      which makes some security attacks harder.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      fc8c1787
    • D
      Build all binaries with PIE · 1150999c
      Daniel P. Berrange 提交于
      PIE (position independent executable) adds security to executables
      by composing them entirely of position-independent code (PIC. The
      .so libraries already build with -fPIC. This adds -fPIE which is
      the equivalent to -fPIC, but for executables. This for allows Exec
      Shield to use address space layout randomization to prevent attackers
      from knowing where existing executable code is during a security
      attack using exploits that rely on knowing the offset of the
      executable code in the binary, such as return-to-libc attacks.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      1150999c
    • P
      qemu-blockjob: Fix limit of bandwidth for block jobs to supported value · 24ca8fae
      Peter Krempa 提交于
      The JSON generator is able to represent only values less than LLONG_MAX, fix the
      bandwidth limit checks when converting to value to catch overflows before they
      reach the generator.
      24ca8fae
    • O
      rng: Add definition for network disk source · ad5298e1
      Osier Yang 提交于
      It's long enough to have a independant definition.
      ad5298e1
    • D
      Disable static libraries by default · ad42b34b
      Daniel P. Berrange 提交于
      Every source file is currently built twice by libtool, once for
      the shared library and once for the static library. Static libs
      are not commonly packaged by distros and slow down compilation
      time by more than 50% compared to a shared-only build time.
      
      Time for 'make -j 4':
      
            shared only: 2 mins  9 secs
        shared + static: 3 mins 26 secs
      
      Time for non-parallel make
      
            shared only: 3 mins 32 secs
        shared + static: 5 mins 41 secs
      
      Those few people who really want them, can pass --enable-static
      to configure
      
      Disabling them by default requires use of LT_INIT, but for
      compat with RHEL5 we can't rely on that. So we conditionally
      use LT_INIT, but fallback to AM_PROG_LIBTOOL if not present.
      ad42b34b
    • P
      virsh: Fix typo in docs · f006f195
      Peter Krempa 提交于
      s/persitent/persistent/
      f006f195
    • M
      sec_manager: Refuse to start domain with unsupported seclabel · 8d68cbea
      Michal Privoznik 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=947387
      
      If a user configures a domain to use a seclabel of a specific type,
      but the appropriate driver is not accessible, we should refuse to
      start the domain. For instance, if user requires selinux, but it is
      either non present in the system, or is just disabled, we should not
      start the domain. Moreover, since we are touching only those labels we
      have a security driver for, the other labels may confuse libvirt when
      reconnecting to a domain on libvirtd restart. In our selinux example,
      when starting up a domain, missing security label is okay, as we
      auto-generate one. But later, when libvirt is re-connecting to a live
      qemu instance, we parse a state XML, where security label is required
      and it is an error if missing:
      
        error : virSecurityLabelDefParseXML:3228 : XML error: security label
        is missing
      
      This results in a qemu process left behind without any libvirt control.
      8d68cbea
    • M
      Allow multiple parameters for schedinfo · e7cd2844
      Martin Kletzander 提交于
      virsh schedinfo was able to set only one parameter at a time (not
      counting the deprecated options), but it is useful to set more at
      once, so this patch adds the possibility to do stuff like this:
      
      virsh schedinfo <domain> cpu_shares=0 vcpu_period=0 vcpu_quota=0 \
      emulator_period=0 emulator_quota=0
      
      Invalid scheduler options are reported as well.  These were previously
      reported only if the command hadn't updated any values (when
      cmdSchedInfoUpdate returned 0).
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=810078
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919372
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919375
      e7cd2844
    • P
      qemu: Fix crash when updating media with shared device · 43b6f304
      Peter Krempa 提交于
      Mimic the fix done in 02b90972 to fix crash by
      accessing an already freed structure. Also copy the explaining comment why the
      pointer can't be accessed any more.
      43b6f304
  4. 02 4月, 2013 2 次提交